3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
Alladin Ghostscript, a previewer for postscript files, creates temporary files with a predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host.
Alladin Ghostscript is a previewer for postscript files. It creates temporary files using the mktemp() call, which creates files with predictable names based on the process number for the process running Ghostscript. The prior existence and ownership of the temporary file is not checked by the mktemp() call.
By creating a symbolic link with the appropriate name, an attacker may overwrite any file writable by the user running Ghostscript. This is particularly dangerous for the root account, which could lead to overwriting of system files, including the password file, and raising of the attacker’s access privileges.
Apply vendor patches; see the Systems Affected section below.
227312
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 22, 2000 Updated: June 26, 2001
Affected
<http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Notified: November 22, 2000 Updated: July 02, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-919.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Notified: November 22, 2000 Updated: July 02, 2001
Affected
http://www.debian.org/security/2000/20001123
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Notified: November 22, 2000 Updated: July 02, 2001
Affected
<http://www.linuxsecurity.com/advisories/other_advisory-957.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Notified: November 22, 2000 Updated: June 26, 2001
Affected
<http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Notified: November 22, 2000 Updated: June 26, 2001
Affected
<http://www.linuxsecurity.com/advisories/redhat_advisory-909.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Notified: November 15, 2000 Updated: August 21, 2001
Affected
<http://www.linuxsecurity.com/advisories/suse_advisory-879.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23227312 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Dr. Werner Fink of SuSE first reported this vulnerability.
This document was last modified by Tim Shimeall.
CVE IDs: | CVE-2000-1162 |
---|---|
Severity Metric: | 4.05 Date Public: |
www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt
www.debian.org/security/2000/20001123
www.linuxsecurity.com/advisories/mandrake_advisory-914.html
www.linuxsecurity.com/advisories/other_advisory-919.html
www.linuxsecurity.com/advisories/other_advisory-957.html
www.linuxsecurity.com/advisories/redhat_advisory-909.html
www.linuxsecurity.com/advisories/suse_advisory-879.html
www.securityfocus.com/bid/1990